Hacker sells hundreds of Microsoft C-Suite email credentials

How Much Are a CEO’s Email IDs Worth? According to a hacker, between $ 100 and $ 1,500 will be enough, although the specific price is set according to the size of the business and the role of the person within it. Unfortunately, this is not an exercise – there would be hundreds of C-suite level email IDs sold on a Russian speaking underground forum, ZDNet reported on Friday.

ZDNet discovered that the hacker is selling email and password combinations for Office 365 and Microsoft. accounts belonging to senior executives such as CEO, COO, CFO, CMO and CTO, among others. The hacker posted an ad for the credentials on Exploit.in, an underground forum for Russian-speaking hackers, as well as the login details of an executive of a UK business consulting agency and the president of a US clothing and accessories manufacturer to demonstrate that your offer was legitimate.

According to the report, ZDNet worked with an anonymous source in the cybersecurity community who contacted the hacker. to obtain samples of the data provided. The source was granted access to valid login information for two Microsoft accounts. One of them belonged to the CEO of a mid-sized US software company and the other to the CFO of an EU-based retail chain.

The outlet said the cybersecurity source had confirmed the data to be valid. The source is advising all companies that their executives’ email credentials have been compromised.

Gizmodo reached out to Microsoft to verify the report and ask for comments on the actions taken. We will be sure to update this blog if we get back to you.

Although it is not known how the hacker obtained the hundreds of Microsoft email credentials he is selling., Cyber ​​intelligence firm KELA offered a possible clue. KELA told ZDNet that the same hacker had in the past expressed interest in purchasing “Azor records” a reference to the data collected from the El malware troyano AZORult. AZORult steals data from compromised systems, including saved email and browser passwords, Skype message history, chat history files, and office files, among others.

Raveed Laeb, KELA Product Manager, told ZDNet that cybercriminals can exploit corporate email credentials in several ways.

“Attackers can use them for internal communications as part of a ‘CEO scam’, where criminals manipulate employees into sending them large sums of money; they can be used to access confidential information as part of an extortion program; or these credentials can also be exploited to access other internal systems that require email-based 2FA, to move sideways through the organization and perform a network intrusion, ”Laeb said.

As ZDNet pointed out, the best way to protect yourself against these types of attacks is to enable two-factor authentication, also known as multi-factor authentication. MFA asks you to submit two proofs to access your account. This means that a hacker would have to steal, for example, your credentials and your phone in order to be able to do something with them.

But do people do this? Apparently not. In the beginning of The year, Microsoft said that of all hacked business accounts, only 11% had multi-factor authentication enabled.

[ZDNet]